Disable ESXi fibre ports using PowerCLI

I have to start this post with a warning to run this script at your own risk. If you’re careful and know exactly what you’re doing, this can be very useful. Misuse of this script can cause data corruption and unnecessary outages. So why would I write such a script?

Like most data centers, we use multiple independent fibre SANs. This is supposed to allow us to do maintenance and sustain the loss of a network. Unfortunately, we got burned when things didn’t work as they should.

We were doing a routine firmware upgrade on one of the SAN switches. This is a smooth process which should have no impact to traffic. Unless the switch suffers a kernel panic like ours did. In a multi-path enabled host, the fibre card is responsible for identifying a path being down and reporting back to the VMkernel with a “No_Connect” message. The kernel should then re-route traffic to the remaining active paths. For reasons unknown, a number of our hosts never got the message and ultimately HA had to migrate a bunch of production VM’s.

We’ve since made changes to our PSP’s, ALUA’s, and LPFC drivers. Now it’s time to upgrade another SAN switch. Even after hours of testing, we’re still a bit nervous about the upgrade. For piece of mind I wanted some sort of port maintenance mode, and this is what I came up with.

Usage:

Change vcenter.fqdn to the name of your vCenter server

Place your host in maintenance mode (to be safe)

Execute the script and append the hostname to the command line entry (see example below)

Select the WWPN you would like to disable

Verify whether you want to go through with this

To begin, we see all four paths are active.

Launch the script with the host name appended.

Now we see the paths disabled for that port across all storage devices.

I’d highly recommend running this in your sandbox environment for the first time.